- Add slowapi limiter with 100/minute default limit - Create CsrfSettings Pydantic model for fastapi-csrf-protect - Add deps.py with get_db re-export and validate_csrf dependency - Configure secure cookie settings (httponly, samesite=lax)
"""Security configuration for rate limiting and CSRF protection."""
from pydantic import BaseModel
from slowapi import Limiter
from slowapi.util import get_remote_address
from backend.app.core.config import settings
# Rate limiter configuration
# See: 01-RESEARCH.md Pattern 3: FastAPI Security Middleware Stack
#
# Buckets are keyed on the client address slowapi derives from the
# connection (``get_remote_address``). NOTE(review): behind a reverse proxy
# or load balancer that address is the proxy's, so every client would share
# a single bucket unless the ASGI server is told to trust forwarded headers
# (e.g. uvicorn ``--proxy-headers`` with ``--forwarded-allow-ips``) — confirm
# in the deployment config.
#
# No storage_uri is given, so slowapi uses its in-memory backend. That store
# is presumably per-process, i.e. with several workers each keeps its own
# counters and the effective limit multiplies — verify before relying on it.
# For production, use Redis: storage_uri="redis://localhost:6379"
#
# NOTE(review): ``default_limits`` only takes effect once this limiter is
# attached to the app (``app.state.limiter``) and the slowapi middleware /
# RateLimitExceeded handler are registered; that wiring is not in this module.
_DEFAULT_RATE_LIMITS = ["100/minute"]

limiter = Limiter(
    key_func=get_remote_address,
    default_limits=_DEFAULT_RATE_LIMITS,
)
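class CsrfSettings(BaseModel):
    """CSRF protection settings consumed by fastapi-csrf-protect.

    The library reads this model field by field (``CsrfProtect.load_config``)
    and maps each name onto its own config keys. A field whose name the
    library does not recognise does not raise; it simply never reaches the
    cookie the library sets and the library default applies instead, so the
    names here must match the library's keys exactly.
    """

    # Key used to sign the double-submit token; taken from app settings so it
    # is never hard-coded in this module.
    secret_key: str = settings.csrf_secret_key
    # "lax" keeps the cookie off cross-site POST/PUT/PATCH/DELETE (the CSRF
    # vector) while still sending it on top-level navigations.
    cookie_samesite: str = "lax"
    # HTTPS only: browsers discard a Secure cookie on plain-http origins, so
    # local development must run behind TLS or override this.
    cookie_secure: bool = True
    # fastapi-csrf-protect names this key ``httponly`` (no ``cookie_`` prefix);
    # the earlier ``cookie_httponly`` spelling was not a recognised key, so the
    # value silently fell back to the library default. Verify the key name
    # against the installed fastapi-csrf-protect version.
    httponly: bool = True
    # NOTE(review): if ``settings.cookie_domain`` can be unset this default is
    # None despite the ``str`` annotation (pydantic does not validate
    # defaults); the library accepts None (no Domain attribute) — confirm.
    cookie_domain: str = settings.cookie_domain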